From: Victor Julien Date: Mon, 2 Mar 2015 07:59:44 +0000 (+0100) Subject: rule vars: support prefix X-Git-Tag: suricata-2.1beta4~116 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=85e12f2bc6b75de14a9f324a879dff547118dcd6;p=thirdparty%2Fsuricata.git rule vars: support prefix Support the detection engine's prefix when retrieving rule vars.
---
diff --git a/src/util-rule-vars.c b/src/util-rule-vars.c
index 32cfa78bb4..f060a14af1 100644
--- a/src/util-rule-vars.c
+++ b/src/util-rule-vars.c
@@ -69,7 +69,7 @@ char *SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx,
 SCEnter();
 const char *conf_var_type_name = NULL;
- char conf_var_full_name[1024] = "";
+ char conf_var_full_name[2048] = "";
 char *conf_var_full_name_value = NULL;
 if (conf_var_name == NULL)
@@ -80,9 +80,16 @@ char *SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx,
 if (conf_var_type_name == NULL)
 goto end;
- if (snprintf(conf_var_full_name, sizeof(conf_var_full_name), "%s.%s",
- conf_var_type_name, conf_var_name) < 0) {
- goto end;
+ if (de_ctx != NULL && strlen(de_ctx->config_prefix) > 0) {
+ if (snprintf(conf_var_full_name, sizeof(conf_var_full_name), "%s.%s.%s",
+ de_ctx->config_prefix, conf_var_type_name, conf_var_name) < 0) {
+ goto end;
+ }
+ } else {
+ if (snprintf(conf_var_full_name, sizeof(conf_var_full_name), "%s.%s",
+ conf_var_type_name, conf_var_name) < 0) {
+ goto end;
+ }
 }
 if (ConfGet(conf_var_full_name, &conf_var_full_name_value) != 1) {
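Review bot: Both snprintf calls in the second hunk treat only a negative return as failure, so a key that does not fit in conf_var_full_name is silently truncated and the shortened name is passed on to ConfGet. Adding de_ctx->config_prefix as a third component makes that case easier to reach, and the bump to 2048 in the first hunk only moves the limit. I would capture the return value in both branches, `int r = snprintf(...);`, and reject truncation with `if (r < 0 || (size_t)r >= sizeof(conf_var_full_name)) goto end;`, so that a rule variable such as a tenant's HOME_NET is either looked up under its exact name or not at all. SCRuleVarsGetConfVar starts and ends outside these hunks, so whether callers already bound the length of conf_var_name is not visible here.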
@@ -423,16 +430,92 @@ end:
 return result;
 }
+static const char *dummy_mt_conf_string =
+ "%YAML 1.1\n"
+ "---\n"
+ "vars:\n"
+ "\n"
+ " address-groups:\n"
+ "\n"
+ " HOME_NET: \"[1.2.3.4]\"\n"
+ " port-groups:\n"
+ " HTTP_PORTS: \"12345\"\n"
+ "multi-detect:\n"
+ " 0:\n"
+ " vars:\n"
+ "\n"
+ " address-groups:\n"
+ "\n"
+ " HOME_NET: \"[8.8.8.8]\"\n"
+ " port-groups:\n"
+ " HTTP_PORTS: \"54321\"\n"
+ "\n";
+
+/**
+ * \test Check that valid address and port group vars are correctly retrieved
+ * from the configuration.
+ */
+int SCRuleVarsMTest01(void)
+{
+ int result = 0;
+ DetectEngineCtx *de_ctx = NULL;
+
+ ConfCreateContextBackup();
+ ConfInit();
+ ConfYamlLoadString(dummy_mt_conf_string, strlen(dummy_mt_conf_string));
+
+ if ( (de_ctx = DetectEngineCtxInit()) == NULL)
+ return 0;
+ de_ctx->flags |= DE_QUIET;
+ snprintf(de_ctx->config_prefix, sizeof(de_ctx->config_prefix),
+ "multi-detect.0");
+
+ /* check for address-groups */
+ result = (SCRuleVarsGetConfVar(de_ctx,"$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
+ strcmp(SCRuleVarsGetConfVar(de_ctx,"$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS),
+ "[8.8.8.8]") == 0);
+ if (result == 0)
+ goto end;
+
+ result = (SCRuleVarsGetConfVar(NULL,"$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
+ strcmp(SCRuleVarsGetConfVar(NULL,"$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS),
+ "[1.2.3.4]") == 0);
+ if (result == 0)
+ goto end;
+
+ /* check for port-groups */
+ result = (SCRuleVarsGetConfVar(de_ctx,"$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
+ strcmp(SCRuleVarsGetConfVar(de_ctx,"$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS),
+ "54321") == 0);
+ if (result == 0)
+ goto end;
+
+ result = (SCRuleVarsGetConfVar(NULL,"$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
+ strcmp(SCRuleVarsGetConfVar(NULL,"$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS),
+ "12345") == 0);
+ if (result == 0)
+ goto end;
+
+end:
+ ConfDeInit();
+ ConfRestoreContextBackup();
+
+ if (de_ctx != NULL)
+ DetectEngineCtxFree(de_ctx);
+ return result;
+}
+
 #endif /* UNITTESTS */
 void SCRuleVarsRegisterTests(void)
 {
-
 #ifdef UNITTESTS
 UtRegisterTest("SCRuleVarsPositiveTest01", SCRuleVarsPositiveTest01, 1);
 UtRegisterTest("SCRuleVarsNegativeTest02", SCRuleVarsNegativeTest02, 1);
 UtRegisterTest("SCRuleVarsPositiveTest03", SCRuleVarsPositiveTest03, 1);
 UtRegisterTest("SCRuleVarsNegativeTest04", SCRuleVarsNegativeTest04, 1);
+
+ UtRegisterTest("SCRuleVarsMTest01", SCRuleVarsMTest01, 1);
 #endif
 return;
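Review bot: In SCRuleVarsMTest01 the `return 0;` taken when DetectEngineCtxInit() fails bypasses the `end:` cleanup, so ConfDeInit() and ConfRestoreContextBackup() never run and the dummy multi-detect configuration stays installed for whichever tests run afterwards. Because `result` is still 0 at that point and the cleanup already guards `de_ctx != NULL`, replacing it with `goto end;` is sufficient. The result of ConfYamlLoadString() is also not checked, so a parse failure would only show up indirectly as a failed lookup. The `\test` comment does not mention the prefix; I would word it as `\test Check that vars are read from under de_ctx->config_prefix when it is set, and from the global vars section when de_ctx is NULL.`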